Blame policy/modules/kernel/mcs.if
|
Chris PeBenito |
17de1b |
## <summary>Multicategory security policy</summary>
|
|
Chris PeBenito |
17de1b |
## <required val="true">
|
|
Chris PeBenito |
17de1b |
## Contains attributes used in MCS policy.
|
|
Chris PeBenito |
17de1b |
## </required>
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
17de1b |
########################################
|
|
Chris PeBenito |
17de1b |
## <summary>
|
|
Chris PeBenito |
17de1b |
## This domain is allowed to sigkill and sigstop
|
|
Chris PeBenito |
465510 |
## all domains regardless of their MCS category set.
|
|
Chris PeBenito |
17de1b |
## </summary>
|
|
Chris PeBenito |
17de1b |
## <param name="domain">
|
|
Chris PeBenito |
17de1b |
## <summary>
|
|
Chris PeBenito |
17de1b |
## Domain target for user exemption.
|
|
Chris PeBenito |
17de1b |
## </summary>
|
|
Chris PeBenito |
17de1b |
## </param>
|
|
Chris PeBenito |
bbcd3c |
## <rolecap/>
|
|
Chris PeBenito |
17de1b |
#
|
|
Chris PeBenito |
17de1b |
interface(`mcs_killall',`
|
|
Chris PeBenito |
17de1b |
gen_require(`
|
|
Chris PeBenito |
17de1b |
attribute mcskillall;
|
|
Chris PeBenito |
17de1b |
')
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
17de1b |
typeattribute $1 mcskillall;
|
|
Chris PeBenito |
17de1b |
')
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
17de1b |
########################################
|
|
Chris PeBenito |
17de1b |
## <summary>
|
|
Chris PeBenito |
465510 |
## This domain is allowed to ptrace
|
|
Chris PeBenito |
465510 |
## all domains regardless of their MCS
|
|
Chris PeBenito |
465510 |
## category set.
|
|
Chris PeBenito |
465510 |
## </summary>
|
|
Chris PeBenito |
465510 |
## <param name="domain">
|
|
Chris PeBenito |
465510 |
## <summary>
|
|
Chris PeBenito |
465510 |
## Domain target for user exemption.
|
|
Chris PeBenito |
465510 |
## </summary>
|
|
Chris PeBenito |
465510 |
## </param>
|
|
Chris PeBenito |
465510 |
#
|
|
Chris PeBenito |
465510 |
interface(`mcs_ptrace_all',`
|
|
Chris PeBenito |
465510 |
gen_require(`
|
|
Chris PeBenito |
465510 |
attribute mcsptraceall;
|
|
Chris PeBenito |
465510 |
')
|
|
Chris PeBenito |
465510 |
|
|
Chris PeBenito |
465510 |
typeattribute $1 mcsptraceall;
|
|
Chris PeBenito |
465510 |
')
|
|
Chris PeBenito |
465510 |
|
|
Chris PeBenito |
465510 |
########################################
|
|
Chris PeBenito |
465510 |
## <summary>
|
|
Chris PeBenito |
17de1b |
## Make specified domain MCS trusted
|
|
Chris PeBenito |
17de1b |
## for setting any category set for
|
|
Chris PeBenito |
17de1b |
## the processes it executes.
|
|
Chris PeBenito |
17de1b |
## </summary>
|
|
Chris PeBenito |
17de1b |
## <param name="domain">
|
|
Chris PeBenito |
17de1b |
## <summary>
|
|
Chris PeBenito |
17de1b |
## Domain target for user exemption.
|
|
Chris PeBenito |
17de1b |
## </summary>
|
|
Chris PeBenito |
17de1b |
## </param>
|
|
Chris PeBenito |
17de1b |
#
|
|
Chris PeBenito |
17de1b |
interface(`mcs_process_set_categories',`
|
|
Chris PeBenito |
17de1b |
gen_require(`
|
|
Chris PeBenito |
17de1b |
attribute mcssetcats;
|
|
Chris PeBenito |
17de1b |
')
|
|
Chris PeBenito |
17de1b |
|
|
Chris PeBenito |
17de1b |
typeattribute $1 mcssetcats;
|
|
Chris PeBenito |
17de1b |
')
|